IEEE MEDIA INDEPENDENT HANDOVER DCN: Title: IETF Pre-authentication Activity Date Submitted: February 26, 2006 Presented at IEEE session in Denver Authors or Source(s): Yoshihiro Ohba and Alper Yegin Abstract: The purpose of this document is to introduce an IETF activity on pre-authentication and heterogeneous handover and facilitate discussion on a possible new work in the WG.
IEEE presentation release statements This document has been prepared to assist the IEEE Working Group. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. The contributor grants a free, irrevocable license to the IEEE to incorporate material contained in this contribution, and any modifications thereof, in the creation of an IEEE Standards publication; to copyright in the IEEE’s name any IEEE Standards publication even though it may include portions of this contribution; and at the IEEE’s sole discretion to permit others to reproduce in whole or in part the resulting IEEE Standards publication. The contributor also acknowledges and accepts that this contribution may be made public by IEEE The contributor is familiar with IEEE patent policy, as outlined in Section 6.3 of the IEEE-SA Standards Board Operations Manual and in Understanding Patent Issues During IEEE Standards Development Section 6.3 of the IEEE-SA Standards Board Operations Manualhttp://standards.ieee.org/guides/opman/sect6.html#6.3
IETF BOF Information A BOF (Bird-Of Feather) meeting is scheduled on March 23 in 65 th IETF Two different topics are discussed in the BOF (actually two BOFs are merged into a single BOF): PREAUTH (Pre-authentication and Heterogeneous Handover) HOAKEY (Handover and Application Keying) In this presentation, we focus on PREAUTH work PREAUTH mailing list information:
Motivation of the work There has been significant amount of work for optimizing IP mobility management FMIPv6, HMIPv6 and NETLMM, etc. The focus was on optimizing IP mobility signaling Optimizing overall handover performance including network access authentication and authorization has not been considered Network access authentication and authorization can be the most time consuming procedure Authorization by a central authority such as a AAA server would be needed for a heterogeneous handover in which authorization characteristics are different before and after a handover
Objective of the work The objective is to improve the overall performance of IP mobility especially for heterogeneous handover Approach: Pre-authentication An authentication procedure for a target network to authenticate a mobile prior to handover using the connectivity to the current network We consider pre-authentication over IP
Expected Improvement with Pre-authentication Time Without Pre-authentication L2 Handoff Network access Authentication and Authorization with Pre-authentication Time Network access Authentication and Authorization Possible Packet Loss Period With Pre-authentication
Scope: Problem Statement and Framework Developing problem statement and a framework that are centered around pre- authentication for seamlessly performing heterogeneous handover The problem statement and framework will cover at least inter-domain, inter- technology handovers The problem statement and framework will support both single-interface and multi- interface devices The framework will work on link-layer security requirements for the pre- authentication to work The framework does not depend on particular link-layer technologies, however, the following specific link-layer technologies will be considered as target technologies: , , cdma2000, GPRS, DSL
Scope: Problem Statement and Framework (cont’d) The framework will work on AAA-related issues that need to be addressed for developing RADIUS/Diameter related extensions to support pre- authentication. Possible issues are: How to distinguish pre-authentication from initial entry authentication or re-authentication When to start accounting. The framework will follow the EAP keying framework and make necessary extensions to the EAP keying framework only if the extensions are unavoidable
Scope: Pre-authentication Protocol Development Developing a pre-authentication protocol There are at least two possible types of pre-authentication protocols One type (Type 1) is based on running EAP with an authenticator in the target access network. This is being developed by the PANA WG The other (Type 2) is based on relying on keys from an earlier EAP authentication being pre-distributed to authenticators in target access networks PREAUTH group will work on Type 2 pre-authentication protocol
Relevance to Defining a security mechanism is out of the scope of for now However, some work related to pre-authentication may be relevant to , e.g., Pre-authentication events Pre-authentication commands Issues: Is pre-authentication important for ? Does WG need to revise the PAR to support pre- authentication? Should a new TG be formed in WG to work on pre- authentication?